Decius wrote: ] Original Page: ] ] We call on ICANN to examine the procedures for changes in ] ] service, including provisions to protect users from ] ] abrupt changes in service. ] ] ] ] We call on the IAB, the IETF, and the operational ] ] community to examine the specifications for the domain ] ] name system and consider whether additional ] ] specifications could improve the stability of the overall ] ] system. Most urgently, we ask for definitive ] ] recommendations regarding the use and operation of ] ] wildcard DNS names in TLDs and the root domain, so that ] ] actions and expectations can become universal. ] ] This really didn't get much coverage yesterday given that it ] came out shortly after Verisign's arrogant response. Its ] interesting. If ICANN could do something, this document would ] specifically say "Verisign is in violation of XYZ." It ] doesn't. What it says is that rules need to be reconsidered ] and clarified. IE, what they have done is not against the ] current rules. ICANN has the right under their contracts to ] create new policies, and Verisign must abide by those policies ] once they are approved within a reasonable period of time. ] This document is part of a long documentation trail that will ] ultimately result in Sitefinder getting shutdown. This ] process could take years. There are a number of methods ] that Verisign can use to delay things, including disputing the ] ICANN process, and filing a breach of contract suit along with ] a request for preliminary injunction preventing any new ICANN ] regulation from taking effect, and then delaying and delaying ] and delaying on going to trial, and then appealing and ] appealing... Once the court process is over with Verisign gets ] 4 months to implement any change ICANN requires. Furthermore, ] we're not anywhere near that stage yet. We are miles away. ] There is all kinds of IAB, IETF, and ICANN beaurocratic ] bullshit that has to occur first. ] ] I hope I'm wrong, but I doubt it. They should have had a ] clause in the contract that prevents Verisign from making ] disruptive changes without seeking approval. They don't. This ] is a loophole big enough to drive a truck through, and ] Verisign just did. By the time this actually gets resolved ] will we have been living with it for so long that no one will ] notice. I don't think you are wrong. It will take years. ] If this issue is not resolved by Phreaknic I will use my ] speaking time there to call for a move to a DNS system that ] exists outside of ICANN's control. Its not really their fault, ] but this situation cannot be allowed to go on for years. I have a few questions that I have not yet had the time to research.. What is the current size of the zone files for the major TLDs? What are the basic server requirements for a root server? Not one getting hit by 1/13th the world, but by just a few thousand subnets... If its just the place where all the lists of zones from the registries resides that needs to be managed by a single party, it would be much harder to make "changes" like VeriSign has that effect mass amounts of users. Every major IP provider provides a DNS server. Lets assume that the Root Servers did not exist, and that sucker had some new daemon that was just responsible for syncing lists from master hosts. In terms of data transfer, are we talking a 4G download when it inits, and 40M every day.. Or are we talking a 40G init and 1G a day.. How much RAM does BIND eat up when its got it all loaded? 512M? 1G? 4G? Basically, what are the current requirements for a root server? How have those requirements changed over time? Where is DNS and Moores Law? :) If making a root that doesn't get enormous query load only requires a box with 1G RAM, a decent CPU, and an 80G drive, that layer can be pushed much farther out.. Its just getting the lists publicly available, and something to keep them all synced. .. this sounds like a job for (trumpets and 'ta-da' sounds) p2p! [ update: Yeah, I know making a working system, that could be trusted, that works anything like what I hinted at would probably take years too. ] RE: ICANN can't do anything... |